[TYPO3-core] Life-time extension of TYPO3 4.7 and security-fix-only branches

Tue Dec 10 12:02:43 CET 2013

Hey guys,
in addition to the lifetime extension[1] of TYPO3 4.7 we wanted to let 
you know about some more insights on what we talked about at the Release 
Team Meeting regarding the in Stuttgart. A detailed protocol will follow 
the next days.

So in a nutshell we agreed on the following guidelines and solutions:
  * Support for TYPO3 4.7 will be extended until end of October 2014.
* The lifetime extension can be considered as onetime exception.
* We keep all stable branches in “security & bug fix” mode
* With reaching the “security & bug fix” phase a branch basically goes 
to merge-freeze and only a release team decision may merge patches there.
* As a result we advice developers to only contribute patches for these 
branches after there is a release manager approval for that.

The details behind that:
A close look at the current release agenda revealed that none of the 
TYPO3 CMS branches is in the bug fixing maintenance phase at the moment. 
In fact every stable branch of the TYPO3 CMS is in its “Priority Bug & 
Security fix” phase. At the same time the postponement of TYPO3 CMS 6.2 
has raised many questions among the members of the community concerning 
the resulting overlap from version 4.7 after the LTS releases. In 
addition to these points we regularly try to explain and try to 
establish the actual meaning of which fixes may find their ways into 
branches officially in the mode of “Priority and Security Fixes” only.

The TYPO3 CMS team came to the conclusion that there are no drawbacks by 
having no branch that is maintained regularly and that this only is a 
result of a special case around TYPO3 CMS 6.2 LTS development. Taking 
this unique situation, the CMS release team somehow is responsible for, 
into account and valuing the feedback we received from the user base we 
considered that we also should extend the maintenance phase of TYPO3 4.7 
by another 6 month. As a result we will provide security updates – if 
necessary – until October 2014 which gives all customers the opportunity 
to start migrating their projects to TYPO3 CMS 6.2 LTS in a timeframe of 
about half a year. The overhead created by this will be covered from the 
TYPO3 CMS Team Budget of the TYPO3 Association. Since community members 
finance the ongoing support extension for TYPO3 CMS 4.7, we highly 
appreciate you taking part in the current lifetime expansion, if you or 
your customers benefit from it.

Along with these topics we clarified what the security and priority 
fixes phase is about. Quite often we find ourselves arguing with 
customers and contributors, trying to explain what we mean by priority, 
and sadly disappoint contributors if we decide not to accept a patch 
made by them.

While we agreed, that the definition of “priority fix” would be 
something like “all fixes which prevent a formerly working instance from 
being used after something in the environment changed” and the usual 
examples like “new browser version and RTE is broken” or “new PHP patch 
level release which is incompatible” we considered that there is to much 
room for interpretation. A short example showed, that three Release 
Managers disagreed on the same patch being important. Reflecting this, 
we consider it even harder for contributors and customers to distinguish 
whether a patch might be considered as important.

Therefore we agreed on a new guideline for contributors regarding these 
branches: In order to avoid these discussions we think that no patch at 
all should be merged into these branches. If the release manager or the 
release team decides that a fix for a certain issue should be integrated 
in an old branch, we will announce that accordingly. Interested people 
than might start developing or porting the fix to the branch.

Best wishes

Steffen Ritter

[1] http://typo3.org/news/article/extended-support-for-typo3-47/